
Example 1 with SC_UNAUTHORIZED

Use of javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED in the project dcache by dCache.

From the class MacaroonRequestHandler, method buildMacaroon:

/**
 * Builds a macaroon for {@code target} on behalf of the request's authenticated subject.
 * <p>
 * The request must arrive over a secure transport and carry a non-anonymous subject;
 * otherwise the call fails before any caveat is parsed. Caveats supplied in the JSON
 * body are split into {@code BEFORE} (expiry) caveats and all others; an optional
 * ISO-8601 {@code validity} duration becomes a further {@code BEFORE} caveat relative
 * to now. The effective expiry is derived from the expiry caveats and the context, and
 * the id of the issued macaroon is recorded as the {@code MACAROON_ID_ATTRIBUTE}
 * request attribute.
 *
 * @param target  the path the macaroon is issued for (handed to {@code buildContext})
 * @param request the Jetty request carrying the JSON body and the client's identity
 * @return the serialised macaroon
 * @throws ErrorResponseException with {@code SC_UNAUTHORIZED} for an anonymous subject,
 *         {@code SC_BAD_REQUEST} for an unparsable validity or caveat, and
 *         {@code SC_INTERNAL_SERVER_ERROR} if the processor fails
 */
private String buildMacaroon(String target, Request request) throws ErrorResponseException {
    // Transport and identity checks come first so that no caveat parsing is done
    // for requests that will be rejected anyway.
    checkValidRequest(request.isSecure(), "Not secure transport");
    if (Subjects.isNobody(getSubject())) {
        throw new ErrorResponseException(SC_UNAUTHORIZED, "Authentication required");
    }

    MacaroonContext context = buildContext(target, request);
    MacaroonRequest macaroonRequest = parseJSON(request);

    try {
        List<Caveat> expiryCaveats = new ArrayList<>();
        List<Caveat> otherCaveats = new ArrayList<>();
        for (String serialised : macaroonRequest.getCaveats()) {
            Caveat parsed = new Caveat(serialised);
            if (parsed.hasType(BEFORE)) {
                expiryCaveats.add(parsed);
            } else {
                otherCaveats.add(parsed);
            }
        }

        // Duration.parse expects ISO-8601 (e.g. "PT1H"); a malformed value surfaces
        // as DateTimeParseException and is reported as a 400 below.
        macaroonRequest.getValidity().ifPresent(validity -> {
            Instant notAfter = Instant.now().plus(Duration.parse(validity));
            expiryCaveats.add(new Caveat(BEFORE, notAfter));
        });

        Instant expiry = calculateExpiry(context, expiryCaveats);
        MacaroonProcessor.MacaroonBuildResult built =
                _processor.buildMacaroon(expiry, context, otherCaveats);
        request.setAttribute(MACAROON_ID_ATTRIBUTE, built.getId());
        return built.getMacaroon();
    } catch (DateTimeParseException e) {
        throw new ErrorResponseException(SC_BAD_REQUEST, "Bad validity value: " + e.getMessage());
    } catch (InvalidCaveatException e) {
        throw new ErrorResponseException(SC_BAD_REQUEST, "Bad requested caveat: " + e.getMessage());
    } catch (InternalErrorException e) {
        // NOTE(review): the 500 body echoes the internal exception message to the
        // client; consider logging it server-side and returning a generic message.
        throw new ErrorResponseException(SC_INTERNAL_SERVER_ERROR, "Internal error: " + e.getMessage());
    }
}

Example 2 with SC_UNAUTHORIZED

Use of javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED in the project common-java-modules by navikt.

From the class CsrfDoubleSubmitCookieFilter, method doFilter:

/**
 * Enforces the double-submit-cookie CSRF protection on every request whose path is not
 * under one of the {@code ignoredUrls} prefixes.
 * <p>
 * For methods listed in {@code ALLOWED_METHODS} the filter only makes sure the client
 * holds a {@code CSRF_COOKIE_NAVN} cookie, issuing one if none is present. For any other
 * method the cookie must be confirmed by {@code cookieMatcherHeader} (defined elsewhere
 * in this class); if it is not, the request is answered with {@code 401 Unauthorized}
 * and the filter chain is not continued.
 *
 * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
 * @param servletResponse the outgoing response; must be an {@link HttpServletResponse}
 * @param filterChain     the remaining filter chain
 * @throws IOException      if {@code sendError} or the chain fails
 * @throws ServletException if the chain fails
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

    // Path relative to the context root, so ignoredUrls can be configured independently
    // of where the application is deployed.
    // NOTE(review): this is the raw request URI, neither decoded nor normalised; confirm
    // that an ignoredUrls prefix cannot match a path the container maps elsewhere.
    String relativePath = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
    boolean exempt = stream(ignoredUrls).anyMatch(relativePath::startsWith);

    if (!exempt) {
        if (ALLOWED_METHODS.contains(httpRequest.getMethod())) {
            // Ensure a CSRF cookie exists so later state-changing requests can echo it.
            Cookie[] cookies = httpRequest.getCookies();
            boolean hasCsrfCookie = cookies != null
                    && stream(cookies).anyMatch(cookie -> cookie.getName().equals(CSRF_COOKIE_NAVN));
            if (!hasCsrfCookie) {
                httpResponse.addCookie(createCsrfProtectionCookie(httpRequest));
            }
        } else if (!cookieMatcherHeader(httpRequest)) {
            // Header/cookie mismatch: log whether the header was sent at all, reject, and stop.
            LOG.warn("Feil i CSRF-sjekk. " + "Bruker du dette filteret må du i frontend sørge for å sende med NAV_CSRF_PROTECTION-cookien som en header med navn NAV_CSRF_PROTECTION og verdien til cookien. " + "Er headeren satt? " + isNotBlank(httpRequest.getHeader(CSRF_COOKIE_NAVN)));
            httpResponse.sendError(SC_UNAUTHORIZED, "Mangler NAV_CSRF_PROTECTION-cookie!! Du må inkludere cookie-verdien i en header med navn NAV_CSRF_PROTECTION");
            return;
        }
    }

    filterChain.doFilter(httpRequest, httpResponse);
}
